█
LastWrite
  • > Curriculum
  • > Pricing
  • > For Educators
  • > About
  • > Contact
Log InGet Started

Questions, concerns, bug reports, or suggestions? We read every message, write to us at [email protected].

More ways to reach us →
LastWrite

Structured computer science lessons for aspiring developers and security professionals.

[email protected]

(201) 785-7951

Mon–Fri, 9 AM–5 PM EST

Learn

  • Curriculum
  • Pricing

Company

  • About
  • For Educators & Schools
  • Contact Us

Legal

  • Terms of Service
  • Privacy Policy
© 2026 LastWrite. All rights reserved.
Curriculum/Programming Languages/REST APIs/Passion Project: Production-Grade REST API
300 minIntermediate

Passion Project: Production-Grade REST API

After this lesson, you will be able to: Design + ship a production-grade REST API: OpenAPI docs, JWT auth, validation, rate limiting, tests, deployed.

The capstone. A documented, tested, deployed REST API that you'd be proud to put in front of a hiring manager. Shows everything from this subtrack.

Prerequisites:GraphQL as alternative

Pick a domain

Real, used-by-real-people scope.

  1. 1

    Option A: Bookmark/links API, categories, tags, public/private, search. (Pinboard clone.)

  2. 2

    Option B: Recipe API, recipes + ingredients + ratings + meal-plan generation.

  3. 3

    Option C: Habit tracker, habits + check-ins + streak calculation + weekly insights.

  4. 4

    Option D: Tiny SaaS billing API, orgs + users + subscriptions + invoices + webhooks. (Hardest, most impressive.)

Required features

Production-grade.

  1. 1

    1. Express, Hono, Fastify, or Next.js API routes (any modern Node framework).

  2. 2

    2. At least 8 endpoints covering CRUD on 3+ resources.

  3. 3

    3. JWT auth, login + register + refresh.

  4. 4

    4. Zod (or equivalent) validation on EVERY input.

  5. 5

    5. Consistent error envelope across endpoints.

  6. 6

    6. Rate limiting on auth endpoints + per-user limits on writes.

  7. 7

    7. OpenAPI spec generated from code, served as JSON + interactive UI (Scalar or Swagger UI).

  8. 8

    8. At least 10 Supertest cases covering happy paths + error paths.

  9. 9

    9. Postgres or Mongo backend (your call).

  10. 10

    10. Deployed to Render / Railway / Fly.io / Vercel with a public URL.

  11. 11

    11. README with quick-start, architecture diagram, design decisions.

Milestones

Order matters.

  1. 1

    Milestone 1: Project skeleton + DB connection + one route returning 200.

  2. 2

    Milestone 2: 3+ schemas + tables/collections; CRUD endpoints for primary entity.

  3. 3

    Milestone 3: JWT auth, register + login + middleware that protects routes.

  4. 4

    Milestone 4: Validation + error envelope (consistent shape across all endpoints).

  5. 5

    Milestone 5: OpenAPI docs (Scalar UI at /docs).

  6. 6

    Milestone 6: Rate limiting (per-IP for auth + per-user for writes).

  7. 7

    Milestone 7: Supertest suite, happy + error paths.

  8. 8

    Milestone 8: Deploy + smoke-test the live URL.

  9. 9

    Milestone 9: README + architecture diagram.

💡 How to talk about this

INTERVIEW: 'I built LinkVault, a Node + TS REST API with JWT auth, Zod validation, OpenAPI docs via Scalar, per-user rate limiting, and 95% test coverage. Deployed on Fly.io with Postgres.' RESUME: 'LinkVault, Node.js + Express + Postgres REST API (live link). JWT auth, OpenAPI 3.1 docs, Supertest, deployed.' QUESTIONS to expect: How did you handle error responses? Why JWT over sessions? How do you prevent N+1? Walk me through your rate limiter. How would you scale this?

Deployment

API: Render / Railway / Fly.io / Vercel, all have free tiers for hobby projects. DB: Neon (Postgres) or Atlas (Mongo), both free tier. Custom domain optional but nice, adds polish.

Sign in and purchase access to unlock this lesson.

Sign in to purchase
←GraphQL as Alternative
Back to REST APIs
REST APIs Job Readiness→